Author Topic: 19.3.2369 Firefox and Chrome show Avast! Web/Mail Sheild Root not actual cert  (Read 3116 times)

0 Members and 1 Guest are viewing this topic.

Offline summer sand

  • Newbie
  • *
  • Posts: 11
After applying the 19.3.2369 March 11 update, Firefox 65.0.2 and Chrome 73.0.3683.75 (latest release version of each) are now showing Avast! Web/Mail Shield Root for the issuer instead of the actual certificates for various sites including google, facebook, ebay, and many smaller sites.

The same behavior change happened after this Avast update on two different Windows 10 machines.

Before, using the February update on both machines, Firefox and Chrome would show the site's actual certificate when you clicked the padlock icon and certificate.

After the update, I can't find a pattern as to when the real cert shows and when the Avast! Web/Mail Sheild Root shows as the issuer - avast is now showing over 50% of the time. I would really like the previous behavior back in firefox and chrome. Thanks.

Offline summer sand

  • Newbie
  • *
  • Posts: 11
I see https://forum.avast.com/index.php?topic=192534.msg1347062#msg1347062 that it was mentioned back in 2016 that if the new way for https scanning with firefox and chrome fails, it is designed to fall back to MITM

Are there any details on when this would fail? For some reason I find with the latest avast version upgrade it's falling back frequently and I don't see rhyme or reason as to when this occurs now.
« Last Edit: March 20, 2019, 03:02:19 AM by summer sand »

Offline M-J-K

  • Newbie
  • *
  • Posts: 2
On FF 66.0.1 / Windows 7, i can't confirm that Avast 19.3.2369 is falling back to MITM.
When I get it right, MITM was deactivated for Firefox in February by Virus Definition Update 190201-6. But what does that mean? Was http scanning fully switched off or was it replaced by these other methods described in https://forum.avast.com/index.php?topic=192534.msg1347062#msg1347062. And do these other methods really have the same efficiency in detecting malicious code in an encrypted stream like MITM? Maybe someone from the Avast team could shed some light on it?
« Last Edit: March 24, 2019, 02:45:05 PM by M-J-K »

Offline HK

  • Avast team
  • Full Member
  • *
  • Posts: 104
Hi summer sand,

Thank you for reporting this issue.
Now you should see original site certificate in both Mozilla Firefox 66.0 and Google Chrome 73.0.3683.86.
If you can still reproduce the issue could you please help us gather some logs for analysis?
First enable debug logging: GUI -> Menu -> Settings -> General -> Troubleshooting -> Enable debug logging
Then reproduce the issue (Have Avast! Web/Mail Shield Root certificate displayed instead of actual certificate).
Then create support package and submit it (https://www.avast.com/en-us/faq.php?article=AVKB33) and post the ID of the created package here so we can find it.


To M-J-K:
Https scanning was deactivated only in Firefox and only for a certain time. Now should be enabled and fully working.

Thank you very much,
HK

Offline summer sand

  • Newbie
  • *
  • Posts: 11
So far so good now on Firefox 66.0 and Chrome 73.0.3683.86 on both Windows 10 machines.

Thanks!


Offline summer sand

  • Newbie
  • *
  • Posts: 11
Today on computer 1 this problem resurfaced when Firefox updated to 67.0.

If I browse in chrome alone, it shows original site certificates - all is well.

If I browse in Firefox 67.0 now, it shows avast web/mail shield cert.

Interestingly, after browsing in Firefox 67.0 on the system, chrome then begins to show certs from avast web/mail shield root as well. Rebooting may help unless I open firefox again and then firefox and chrome start showing avast certs instead of the actual certs again.

I uninstalled and reinstalled avast twice on computer 1 with no change. All seems well until I launch firefox 67.0 and then this symptom reoccurs.

I then updated firefox on computer 2 to the latest version 67.0 and the same symptoms occurred as on computer 1. Both running windows 10.

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 71794
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Follow instructions: https://support.avast.com/article/33/ and post your File-ID here afterwards.
Win 8.1 [x64] - Avast PremSec 21.8.6586.IBC [UI.666] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0